
Re: [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities

On Sun, May 13, 2007 at 01:33:16PM +0200, Moritz Muehlenhoff wrote:
> CVE-2007-1496
>     Michal Miroslaw reported a DoS vulnerability (crash) in netfilter.
>     A remote attacker can cause a NULL pointer dereference in the
>     nfnetlink_log function.

CVE says:
| nfnetlink_log in netfilter in the Linux kernel before allows
| attackers to cause a denial of service (crash) via unspecified vectors
| involving the (1) nfulnl_recv_config function, (2) using "multiple
| packets per netlink message", and (3) bridged packets, which trigger a
| NULL pointer dereference.

Could someone who knows netfilter a bit better comment on this? In what
circumstances in real life is this exploitable? Is there any workaround?
I'm not using bridging, I don't care about logging, so I'm happy to
disable it, I'm not sure what that netlink thing means..

Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
